BlackBerry ThreatVector Blog

BlackBerry Prevents: BluStealer Malware

BluStealer is a new information-stealing malware that can steal login credentials, credit card data, cryptocurrency wallet data and more. The harvested data is exfiltrated to the attacker over SMTP and through the Telegram Bot API.

The malware consists of a loader written in Visual Basic, which loads open-source .NET assembly hack tools such as ChromeRecovery and ThunderFox. The payloads embedded in the loader vary from sample to sample, which shows that the malware author can swap out or customize each component independently.
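The two exfiltration channels named above give defenders something concrete to hunt for: Telegram Bot API traffic from a process that is not a Telegram client, and SMTP connections from a process that is not a mail client. The following is an added detection sketch, not BlackBerry code and not derived from a BluStealer sample; the event schema, the sample telemetry, the process names and the mail-client allow-list are all constructed assumptions. The only fact taken from outside the page is the public shape of Telegram Bot API URLs, https://api.telegram.org/bot<token>/<method>, where the token is a numeric bot id, a colon, and a secret.

```python
"""Detection sketch for the two BluStealer exfiltration channels described
on the page: SMTP and the Telegram Bot API.

Added example, not BlackBerry's code. The event schema, the sample events,
the process names and the allow-list are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Telegram Bot API requests look like https://api.telegram.org/bot<token>/<method>,
# with <token> = "<numeric bot id>:<secret>". Any endpoint process using such a
# path that is not a known Telegram client deserves a look.
TELEGRAM_HOST = "api.telegram.org"
TELEGRAM_BOT_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")

# Assumption: ports an infostealer would use to hand data to a mail server.
SMTP_PORTS = {25, 465, 587}

# Assumption: processes legitimately allowed to speak SMTP from a workstation.
MAIL_CLIENTS_ALLOWED = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class Finding:
    host: str
    process: str
    channel: str      # "telegram-bot-api" or "smtp"
    detail: str


def _mask_token(bot_id: str, secret: str) -> str:
    """Keep the bot id (useful for pivoting across hosts) but redact the secret,
    so the finding can be shared without leaking a usable token."""
    return f"{bot_id}:{secret[:4]}...{'*' * 4}"


def inspect_event(ev: dict) -> Optional[Finding]:
    """Return a Finding if one network event matches either exfil channel."""
    proc = ev["process"].lower()
    if ev.get("dest_host", "").lower() == TELEGRAM_HOST:
        m = TELEGRAM_BOT_PATH.match(ev.get("path", ""))
        if m:
            bot_id, secret, method = m.groups()
            return Finding(ev["host"], proc, "telegram-bot-api",
                           f"{method} with token {_mask_token(bot_id, secret)}")
    if ev.get("dest_port") in SMTP_PORTS and proc not in MAIL_CLIENTS_ALLOWED:
        return Finding(ev["host"], proc, "smtp",
                       f"{ev['dest_host']}:{ev['dest_port']} from non-mail process")
    return None


def scan_events(events) -> list:
    """Run inspect_event over a batch of events and keep the hits."""
    return [f for f in (inspect_event(e) for e in events) if f is not None]


# Constructed sample telemetry (not real captures; "invoice.exe" is a made-up
# stand-in for a phishing attachment). Only the WS02 events should fire.
SAMPLE_EVENTS = [
    {"host": "WS01", "process": "chrome.exe", "dest_host": "www.example.com",
     "dest_port": 443, "path": "/"},
    {"host": "WS01", "process": "outlook.exe", "dest_host": "smtp.office365.com",
     "dest_port": 587, "path": ""},
    {"host": "WS02", "process": "invoice.exe", "dest_host": "api.telegram.org",
     "dest_port": 443,
     "path": "/bot1234567890:AAExampleTokenValueNotRealXXXX/sendDocument"},
    {"host": "WS02", "process": "invoice.exe", "dest_host": "mail.example.net",
     "dest_port": 587, "path": ""},
    {"host": "WS03", "process": "telegram.exe", "dest_host": "api.telegram.org",
     "dest_port": 443, "path": "/"},
]

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding)
```

The Telegram check keys on the URL path rather than the host alone, because a legitimate Telegram desktop client also talks to api.telegram.org; the bot-token path is what distinguishes a bot-driven upload. The SMTP check is deliberately coarse (port plus process allow-list) and will need tuning for environments where line-of-business applications send mail directly.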

DEMO VIDEO: BlackBerry vs. BluStealer Malware

BlackBerry Cyber Suite and BlackBerry Guard stop these attacks. 

BlackBerry customers can feel confident that our AI-driven BlackBerry® Cyber Suite, as well as our Managed Detection & Response (MDR) solution BlackBerry® Guard, and our Zero Trust Network Access solution BlackBerry® Gateway are well-equipped to mitigate the risks posed by threat actors: 

  • BlackBerry® Protect provides automated malware prevention, application and script control, memory protection, and device policy enforcement. 
  • BlackBerry® Optics extends the threat prevention by using artificial intelligence (AI) to prevent security incidents. It provides true AI incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities. 
  • BlackBerry® Gateway provides zero trust network access to reduce risk by protecting traffic through the perimeter and performing encrypted packet analysis. BlackBerry® Gateway creates a network that is identity-aware per user, with continuous authorization to thwart zero-day attacks.
  • The BlackBerry® Mobile Threat Defense (MTD) solution prevents and detects advanced malicious threats at the device and application levels. It combines the mobile endpoint management capabilities of BlackBerry® Unified Endpoint Manager (UEM) with advanced AI-driven threat protection, to get in front of malicious cyberattacks in a Zero Trust environment. 
  • BlackBerry® Persona creates trust based on behavior analytics, app usage, and network and process invocation patterns. It uses adaptive risk scoring to provide continuous authentication. 
  • BlackBerry Guard customers are proactively protected from BluStealer malware attacks. Customers of our 24/7 MDR solution receive: 
    • Alerts monitored in real-time  
    • Corrective policies applied while discovering gaps in policy implementation 
    • Prioritized threat hunting 
    • The latest threat intelligence for fast-moving threats 

Prevention First

At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill chain. 

By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. It also helps to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure. 

BlackBerry Assistance 

The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure. 

For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form. 

Learn more about BluStealer in our deep dive blog, Threat Thursday: BluStealer Infostealer

Video Transcription

In this video, we will demonstrate one of the main benefits of an AI-based endpoint protection approach that we like to call Temporal Predictive Advantage, which is the ability to predict and prevent today’s threats with machine learning models, many years before these threats ever existed.

In this case, BluStealer, a new information-stealing malware that contains the functionality to steal login credentials, credit card data, cryptocurrency and more – we have collected not only the main loader but also all the modules that come with the threat and will show our preventive capabilities for each stage.

First, let’s copy the loader which typically comes as an attachment in phishing campaigns and it’s responsible for the execution of all the subsequent modules. As you can notice, BlackBerry® Protect prevents in milliseconds.

Let’s continue with the ChromeRecovery module which, as the name implies, collects information from the victim’s Internet browser, being capable of recognizing up to 30 different browsers to steal passwords and any other data considered of value. Once again, prevented six years before it ever existed.

As a final stage, let’s try with the remaining two modules, one targeting FTP and email apps, and another one looking for cryptocurrency information. Both are prevented as well in pre-execution.

Prevention is possible with BlackBerry.

The BlackBerry Research & Intelligence Team

About The BlackBerry Research & Intelligence Team

The BlackBerry Research & Intelligence team examines emerging and persistent threats, providing intelligence analysis for the benefit of defenders and the organizations they serve.